SSL Documentation
This question is related to the use of HMAC routines in OpenSSL.
Since the Openssl documentation is small on the weak side in certain areas, profiling has shown that with:
unsigned char *HMAC(const EVP_MD *evp_md, const void *key,
int key_len, const unsigned char *d, int n,
unsigned char *md, unsigned int *md_len);
From here , shows 40% of my runtime library dedicated to creating and deleting HMAC_CTX behind the scenes.
There are also two additional functions for quickly creating and destroying HMAC_CTX :
HMAC_CTX_init () initializes HMAC_CTX before first use. He must be called.
HMAC_CTX_cleanup () erases the key and other data from HMAC_CTX and releases any related resources. This should be called when HMAC_CTX is not longer.
These two function calls are prefixed:
The following functions can be used if the message is not fully stored in memory.
My data is completely stored in memory, so I choose the HMAC function - the one whose signature is shown above.
Context, as described in the man page, is used with the following two functions:
HMAC_Update () can be called repeatedly with pieces of the message, which must be authenticated (len bytes with data).
HMAC_Final () places the authentication code message in md, which should be the case for the hash function output.
Application area
(HMAC, nonce), CBC-BF . - Windows/Linux , nginx, Apache IIS - - Python/.NET ++.
, , - , ( ).
40% (1) /(2) ? (2) , , , , , . ,
(1) , , , , CTX? HMAC_final() CTX ? ".
(2) : CTX.
(3) HMAC? CTX ?
.